In January 2024, three known vulnerabilities, each rated at the highest threat level, were among those most frequently exploited by attackers worldwide. Alexander Leonov, a leading expert at the Positive Technologies Expert Security Center laboratory, told socialbites.ca about this.
The first vulnerability is CVE-2023-22527, which carries the highest severity score: 10 out of 10. It affects Atlassian Confluence, an enterprise web wiki developed by the Australian software company Atlassian. It is a remote code execution vulnerability: an attacker could execute arbitrary code on the Confluence server. The vulnerability affects versions released before December 5, 2023, including those that no longer receive official support from the vendor. In January 2024 alone, more than 1,000 attempts to exploit CVE-2023-22527 were recorded at Russian businesses.
The second vulnerability is CVE-2023-34048, with a threat level of 9.8 out of 10. The vulnerable software is VMware vCenter Server, an application for centrally managing VMware vSphere environments and building a virtual cloud infrastructure. The vulnerability was discovered in October 2023. At that time there were no confirmed cases of exploitation, but on January 17, 2024, VMware updated its mitigation recommendations, confirming that the vulnerability had been exploited in cyber attacks. According to Mandiant’s information security experts, CVE-2023-34048 has been used by many Chinese groups since at least the end of 2021.
The third vulnerability is CVE-2023-7028, with a severity level of 10 out of 10. It allows an account takeover in GitLab CE/EE, a Git repository management system for collaborative project development. CVE-2023-7028 lets an attacker take control of another user’s account by tampering with the password recovery form.
“An attacker could send an email containing a password reset code to a pre-prepared, unverified email address. To exploit this vulnerability, two-factor authentication must be disabled on the account or the attacker must bypass two-factor authentication using social engineering or another method,” Leonov explained.
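The defensive check implied by the description above is that a password reset code must only ever be delivered to an address the account has already verified, whatever the reset form submits. The following is an added illustration written for this article, not GitLab’s code: it models a reset handler that accepts exactly one address, matches it only against the account’s verified addresses, reports the same generic outcome for unknown and unverified addresses, and refuses to complete a reset on a 2FA-protected account without the second factor. The account directory, addresses and `Outbox` class are constructed for the example.

```python
"""Hardened password-reset request handling (added example, not GitLab code).

All accounts, addresses and the Outbox below are constructed for illustration.
"""
import secrets
from dataclasses import dataclass, field


@dataclass
class Account:
    username: str
    verified_emails: set
    two_factor_enabled: bool = False


@dataclass
class Outbox:
    """Stand-in for a mail sender; records what would have been delivered."""
    sent: list = field(default_factory=list)

    def send(self, to_addr: str, body: str) -> None:
        self.sent.append((to_addr, body))


# Constructed directory of accounts keyed by username.
ACCOUNTS = {
    "alice": Account("alice", {"alice@example.org"}),
    "bob": Account("bob", {"bob@example.org", "bob.alt@example.org"},
                   two_factor_enabled=True),
}
# Reset tokens issued so far: token -> username (in-memory for the example).
ISSUED_TOKENS: dict = {}


def _normalize(addr: str) -> str:
    return addr.strip().lower()


def request_password_reset(form_emails, outbox: Outbox) -> str:
    """Handle a reset request from the recovery form.

    Returns a status string. Unknown and unverified addresses get the same
    generic 'accepted' reply so the endpoint does not reveal which exist,
    but nothing is sent for them.
    """
    # A tampered form may carry several recipients; require exactly one.
    if not isinstance(form_emails, (list, tuple)) or len(form_emails) != 1:
        return "rejected: exactly one address is required"
    requested = _normalize(form_emails[0])
    # Look the account up by the submitted address, but only among the
    # addresses that account has already verified.
    account = next(
        (a for a in ACCOUNTS.values()
         if any(requested == _normalize(v) for v in a.verified_emails)),
        None,
    )
    if account is None:
        return "accepted"  # unknown or unverified: no email goes anywhere
    token = secrets.token_urlsafe(32)
    ISSUED_TOKENS[token] = account.username
    # Deliver only to the verified address that matched, never to a
    # form-supplied alternative.
    outbox.send(requested, f"Your reset token: {token}")
    return "accepted"


def complete_reset(token: str, new_password: str, second_factor_ok: bool) -> bool:
    """Consume a reset token. A token alone is not enough for a 2FA account."""
    username = ISSUED_TOKENS.get(token)
    if username is None:
        return False
    account = ACCOUNTS[username]
    if account.two_factor_enabled and not second_factor_ok:
        return False  # token stays pending until the second factor is shown
    del ISSUED_TOKENS[token]
    return True  # the password would be updated for `username` here


if __name__ == "__main__":
    box = Outbox()
    print(request_password_reset(["alice@example.org", "other@example.net"], box))
    print(request_password_reset(["Alice@Example.org"], box), box.sent)
```

The two properties worth checking in any real implementation are visible in the tests a practitioner would write against this: a request carrying more than one recipient is refused outright, and a request for an address that is not verified for any account produces no email at all.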
GitLab stated that there were no cases of this vulnerability being actively exploited at the time the security bulletin was published. However, using the Netlas search engine, Positive Technologies experts discovered more than 89,000 GitLab installations, of which approximately 10,000 were on Russian IP addresses.
“The number of known security vulnerabilities is increasing day by day,” the expert added, noting that last year about 78 vulnerabilities were added per day on average.